CVE-2023-37559

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-37559
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37558

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://cert.vde.com/en/advisories/VDE-2023-019/ Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_rte_sl_\(for_beckhoff_cx\):*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:safety_sil2:*:*:*:*:*:*:*:*
History

08 Aug 2023, 15:44

Type Values Removed Values Added
References (MISC) https://cert.vde.com/en/advisories/VDE-2023-019/ - (MISC) https://cert.vde.com/en/advisories/VDE-2023-019/ - Third Party Advisory
CPE cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_rte_sl_\(for_beckhoff_cx\):*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:safety_sil2:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*
CWE CWE-20 NVD-CWE-noinfo

03 Aug 2023, 12:40

Type Values Removed Values Added
New CVE
Information

Published : 2023-08-03 12:15

Updated : 2024-02-05 00:01

NVD link : CVE-2023-37559

Mitre link : CVE-2023-37559

CVE.ORG link : CVE-2023-37559

JSON object : View

Products Affected

codesys

  • control_rte_sl_\(for_beckhoff_cx\)
  • control_for_raspberry_pi_sl
  • control_rte_sl
  • control_runtime_system_toolkit
  • control_for_pfc100_sl
  • control_win_sl
  • development_system
  • hmi
  • control_for_iot2000_sl
  • control_for_pfc200_sl
  • safety_sil2
  • control_for_wago_touch_panels_600_sl
  • control_for_empc-a\/imx6_sl
  • control_for_linux_sl
  • control_for_beaglebone_sl
  • control_for_plcnext_sl
CWE
NVD-CWE-noinfo CWE-20

Improper Input Validation